
Penetration Tester (Social Engineering Specialist)


Find Your Next Career Adventure at Executive Operations


Employment: Full-Time

Setup: WFH

We are seeking a highly skilled Penetration Tester with a strong focus on Social Engineering to join our cybersecurity team. This role involves planning and executing controlled social engineering campaigns—including phishing, vishing, smishing, and physical pretexting—to assess organizational vulnerabilities, strengthen human-layer defenses, and support overall security posture improvement.

Key Responsibilities

  • Plan, design, and execute social engineering engagements, including phishing simulations, business email compromise scenarios, vishing calls, smishing tests, and credential harvesting campaigns.

  • Conduct penetration testing activities across networks, applications, cloud environments, and endpoints to identify technical vulnerabilities that complement social engineering findings.

  • Develop tailored attack scenarios based on current threat intelligence, industry trends, and organizational risk levels.

  • Analyze engagement results and provide detailed reporting, including risk assessments, root-cause analysis, actionable remediation recommendations, and executive-level summaries.

  • Collaborate with security awareness teams to enhance employee training content based on observed behaviors and recurring findings.

  • Ensure compliance with all legal, ethical, and organizational guidelines when conducting offensive security operations.

  • Document methodologies and maintain testing tools, scripts, payloads, and procedures in accordance with internal standards.

  • Stay updated on emerging social engineering tactics, phishing kits, malware delivery techniques, and adversary tradecraft.

Requirements

Essential Qualifications:

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience.

  • 2+ years of hands-on experience in penetration testing, red teaming, or social engineering operations.

  • Strong understanding of phishing frameworks, email security (DMARC, DKIM, SPF), OSINT techniques, and threat actor behavior.

  • Experience using tools such as GoPhish, Evilginx2, SET (Social-Engineer Toolkit), Burp Suite, Kali Linux, and OSINT platforms.

  • Excellent written and verbal communication skills, especially for reporting and executive presentations.

  • Knowledge of MITRE ATT&CK, cyber kill chain methodology, and common exploitation techniques.


Preferred Qualifications:

  • Certifications such as OSCP, OSEP, CEH, CPTS, CompTIA Pentest+, SANS SEC560, or SEPP/SETA (Social Engineering certifications).

  • Experience in cloud security testing, web application pentesting, and adversary emulation.

  • Familiarity with SIEM tools, email security gateways, and identity protection solutions.
